As it continues to rapidly accelerate growth in the market, Oligo Security, the leading runtime application security and observability platform, today announced the appointment of Mike O’Malley as Chief Marketing Officer (CMO).

O’Malley brings more than 2 decades of experience in marketing, go-to-market, and community building to Oligo Security. He has a proven track record of successfully launching innovative new products in emerging markets, scaling global demand engines, and driving business strategy through multiple stages of substantial growth.

O’Malley most recently served as CMO of Noname Security, which was acquired by Akamai in June of 2024. He has also held leadership roles at CyberArk, 128 Technology (acquired by Juniper), EMC, Acme Packet, and VMware.

“Mike brings expertise and demonstrated success across the marketing and go-to-market disciplines, as well as a deep understanding of the cybersecurity market – all of which will be critical as we take Oligo through its next stages of accelerated growth,” said Nadav Czerninski, CEO and Co-Founder at Oligo Security. “Mike’s addition to the team is a critical one as we continue to redefine application security with Oligo’s novel approach to our application detection and response platform and deliver significant results to our customers.”

“I’m thrilled to be joining the team at Oligo, and help take a truly disruptive solution to market, as well as contribute to an already fantastic culture at the company,” said Mike O’Malley, Oligo CMO. “I truly believe this is going to be an industry-changing company, and one that customers will look to as a major driver of value for their cybersecurity teams.”

Explore AITechPark for the latest advancements in AI, IOT, Cybersecurity, AITech News, and insightful updates from industry experts!

The post Oligo Security Announces Mike O’Malley as Chief Marketing Officer first appeared on AI-Tech Park.

F5 (NASDAQ: FFIV) today announced it is bringing robust application security and delivery capabilities to AI deployments powered by Intel. This new joint solution combines industry-leading security and traffic management from F5’s NGINX Plus offering with the cutting-edge optimization and performance of the Intel Distribution of OpenVINO toolkit and Infrastructure Processing Units (IPUs) to deliver superior protection, scalability, and performance for advanced AI inference.

As organizations increasingly adopt AI to power intelligent applications and workflows, efficient and secure AI inference becomes critical. This need is addressed by combining the OpenVINO toolkit—which optimizes and accelerates AI model inference—with F5 NGINX Plus, providing robust traffic management and security.

The OpenVINO toolkit simplifies the optimization of models from almost any framework to enable a write-once, deploy-anywhere approach. This toolkit is essential for developers aiming to create scalable and efficient AI solutions with minimal code changes.

F5 NGINX Plus enhances the security and reliability of these AI models. Acting as a reverse proxy, NGINX Plus manages traffic, ensures high availability, and provides active health checks. It also facilitates SSL termination and mTLS encryption, safeguarding communications between applications and AI models without compromising performance.

To further boost performance, Intel IPUs offload infrastructure services from the host CPU, freeing up resources for AI model servers. The IPUs efficiently manage infrastructure tasks, opening up resources to enhance the scalability and performance of both NGINX Plus and OpenVINO Model Servers (OVMS).

This integrated solution is particularly beneficial for edge applications, such as video analytics and IoT, where low latency and high performance are crucial. By running NGINX Plus on the Intel IPU, the solution helps ensure rapid and reliable responses, making it ideal for content delivery networks and distributed microservices deployments.

“Teaming up with Intel empowers us to push the boundaries of AI deployment. This collaboration highlights our commitment to driving innovation and delivers a secure, reliable, and scalable AI inference solution that will enable enterprises to securely deliver AI services at speed. Our combined solution ensures that organizations can harness the power of AI with superior performance and security,” said Kunal Anand, Chief Technology Officer at F5.

“Leveraging the cutting-edge infrastructure acceleration of Intel IPUs and the OpenVINO toolkit alongside F5 NGINX Plus can help enable enterprises to realize innovative AI inference solutions with improved simplicity, security, and performance at scale for multiple vertical markets and workloads,” said Pere Monclus, Chief Technology Officer, Network and Edge Group of Intel.

The solution is now available. For more information, visit f5.com/intel. In addition, a companion blog from F5 CTO Kunal Anand provides further insight on this offering.

Explore AITechPark for the latest advancements in AI, IOT, Cybersecurity, AITech News, and insightful updates from industry experts!

The post F5 Collaborates with Intel to Simplify AI Services Security & Delivery first appeared on AI-Tech Park.

News Highlights
In the first half of 2024:

• Application-Layer DNS DDoS attack activity quadruples compared to the first half of 2023
• North American online applications and APIs shoulder 66% of web attacks
• EMEA organizations face more than 90% of web DDoS attacks
• Finance organizations experience 44% of network-layer DDoS attacks
• The average number of Pro-Russian attacks targeting Ukraine doubles compared to the average number in 2023

Radware^® (NASDAQ: RDWR), a global leader in application security and delivery solutions for multi-cloud environments, released its H1 2024 Global Threat Analysis Report.

“During the first half of 2024, high-intensity, volumetric attacks surged, marked by a growing emphasis on the application infrastructure,” said Pascal Geenens, Radware’s director of threat intelligence. “World-wide geopolitical tensions, including conflicts in Europe and the Middle East, as well as international events, like country elections, Eurovision, UEFA Euro, and the Olympics, continue to drive malicious activity. In the back half of the year, we expect attacks to continue to climb, as more threat actors adopt AI technology democratized through increasingly powerful and publicly available large language models. The gravity of the upcoming election in the United States and concerns over decelerating financial markets are also set to fuel cyber disruption.”

Radware’s report leverages intelligence provided by network and application attack activity sourced from the company’s Cloud and Managed Services and threat intelligence research team. In addition, it draws from information found on Telegram, a public messaging platform often used by cybercriminals.

Web DDoS attacks climb more than 200%
Web DDoS attacks made significant gains in frequency and intensity.

• Number of attacks: In the first half of 2024, Web DDoS attacks surged globally 265% compared to the second half of 2023.
• Geographic targets: Organizations in EMEA were the primary target of Web DDoS attacks between January and June of 2024, shouldering more than 90% of the attacks.

Recently, Radware reported a record-breaking six-day Web DDoS attack campaign, targeting a financial institution. It consisted of multiple waves, which lasted 4- to 12-hours, amounting to a total of 100 hours of attack time and sustaining an average of 4.5 million RPS with a peak of 14.7 million RPS.

Network-layer DDoS attack volumes increase exponentially
During the first half of 2024:

• Attack volume: Average DDoS volume blocked per organization grew by 293% in EMEA, 116% in the Americas, and 302% in APAC, compared to the same period in 2023.
• Geographic targets:         
  • The Americas faced 58% of global attacks and 37% of the volume, while EMEA accounted for 23% of the attacks but mitigated 56% of the global volume.
  • The APAC region accounted for almost 19% of attacks and 7% of the global volume.
• Industry targets: Globally, finance organizations experienced the highest attack activity (44%), followed by healthcare (17%), technology (10%), and government (7%).

Application-layer DNS DDoS attack activity quadruples
Between January and June of 2024:

• Attack activity:
  • DNS DDoS attack activity quadrupled compared to the first half of 2023.
  • The number of malicious DNS queries grew by 76% compared to the total number of queries observed during all of 2023.
• Industry targets: Finance was the most targeted industry, representing 52% of the total Layer 7 DNS Flood attack activity. Healthcare, telecom, and research and education were other notable industries.

Hacktivist DDoS activity continues unabated
During the first half of 2024, the hacktivist landscape remained dynamic with constant DDoS activities. According to data gathered from Telegram:

• Number of attacks: Hacktivist-driven DDoS attacks hovered between 1,000 to 1,200 claimed attacks per month.
• Top actors claiming DDoS attacks: NoName057(16) remained the most active threat actor by a significant margin, claiming 1,902 attacks, followed by Executor DDoS (577 claimed attacks) and Cyber Army of Russia Reborn (437 claimed attacks).
• Geographic targets: Ukraine was the most targeted country with 741 claimed attacks compared to 744 attacks in all of 2023. The United States ranked second (604 claimed attacks), followed by Israel (542 claimed attacks), and India (364 claimed attacks).
• Website targets: Government websites were top hacktivist targets, especially in Ukraine, Israel and India. Business and economy followed by travel were the second and third most targeted websites respectively.

“Following the conflict between Russia and Ukraine, Telegram has continued to inspire many hacktivists and other ill-intended groups to make a move for the platform,” said Geenens. “It’s become a major hub for cyber criminals, making it easier for them to recruit volunteers, build global alliances, create and sell attack services, and exchange cryptocurrency.”

Web application and API attacks rise
During the first half of 2024:

• Number of attacks: Web application and API attacks increased by 22% compared to the second half of 2023.
• Geographic targets: The majority of web attacks (66%) were targeting applications and APIs located in North America. Applications in EMEA accounted for 23% of the attack activity.

Explore AITechPark for the latest advancements in AI, IOT, Cybersecurity, AITech News, and insightful updates from industry experts!

The post Radware’s First Half 2024 Report: Web DDoS Attacks Climb 265% first appeared on AI-Tech Park.

Apiiro, the leading application security posture management (ASPM) platform, today introduced Risk Detection at Design Phase, a new, AI-driven capability that automatically analyzes feature requests to identify risks and proactively initiate security reviews or threat models at the earliest stage of the application development lifecycle. With this new, first-of-its-kind capability, application security (AppSec) practitioners can now scale their secure software development lifecycle (SSDLC) processes by mitigating security and compliance concerns before a single line of code is written.

Security products on the market today detect risks only after the development process has begun. This results in wasted time for developers due to manual risk assessment questionnaires, which impact release velocity and business value. With the detection of risks at the design phase, Apiiro customers can proactively address security, data privacy, infrastructure, compliance, and other risks at the onset of development, saving significant time and costs while minimizing rework and accelerating secure software delivery.

Apiiro’s detection of risky feature requests is built on cutting-edge AI technology, including Apiiro’s native private LLM. This model, not accessible by ChatGPT or any other public LLM services, ensures customer privacy and compliance by automatically analyzing feature requests and proactively identifying potential risks associated with:

• Generative AI technology: adding or changing generative AI tools, frameworks, technologies, and the data that is exposed to them.
• Sensitive data handling: storing and/or processing sensitive information like PII, PHI payment data fields as part of the application data flow, changing encryption mechanisms, data migrations, writing sensitive data to logs, and using sensitive data as an API return type.
• User permissions and access management: user authentication and authorization, login or registration processes, and changing user permissions.
• Third-party integrations, and open source dependencies: changing or adding open source dependencies and integrations with third-party services.
• Architecture design and security controls: requests for changes in APIs, network, databases, web servers, web clients, logging, serialization and other component configurations, architecture designs, and deployment of new or changed components.

For each risky feature request, enriched by the code architecture generated by its Deep Code Analysis (DCA) technology, Apiiro’s native private LLM model automatically generates contextual questions for a security review and produces threat stories using the STRIDE threat model. This automation eliminates the need for manual security processes, accelerating development velocity and deployment of secure code to the cloud, ultimately driving business growth. In addition, Apiiro enhances design risk context by automatically mapping to specific code commits, repositories, and pull requests, providing deeper insight into how potential risks may manifest in the actual codebase.

“Detecting potential risk at the design phase gives us the opportunity to remediate risks before they exist, and in the most efficient way for our developers. However, it’s challenging to do this at scale and to ensure full coverage of features our development team are building. Apiiro’s design phase risk detection engine is a unique capability in the ASPM space. It allows us to modernize our approach to Secure-by-Design, scale and strengthen our security engagement, and provide some automation to our threat modeling and security requirements processes.” -Head of Security Engineering at Fortune 100 retail company

“Amidst the ever-changing complexity of modern software development processes and application architectures, Apiiro is committed to delivering complete risk-based visibility and protection from design to runtime,” said Moti Gindi, chief product officer at Apiiro. “Building secure software starts with secure design, and the new AI-Driven Risk Detection at Design Phase from Apiiro takes the ‘shift left’ approach a step further, addressing risks even before a single line of code is written. This first-of-its-kind functionality leverages the power of AI to ensure customers have the context required to facilitate efficient security reviews and evolve from a reactive to a proactive approach to application security.”

Click here to learn more and visit the Apiiro booth #2622 at Black Hat USA for a live demonstration of the Risk Detection at Design Phase.

Supporting Resources

• Apiiro blog
• Apiiro on LinkedIn
• Apiiro on Twitter

Explore AITechPark for the latest advancements in AI, IOT, Cybersecurity, AITech News, and insightful updates from industry experts!

The post Apiiro Launches AI-Driven Risk Detection at the Design Phase first appeared on AI-Tech Park.

Cycode, the industry leader in Complete Application Security Posture Management (ASPM), today unveiled Cycode AI, a groundbreaking suite of AI-powered features that are now embedded in the company’s Complete ASPM platform. This transformative integration empowers security teams and developers to dramatically increase productivity, accelerate velocity, and gain unprecedented visibility into risk-prone gaps across the entire organization, effectively mitigating the growing threat of sophisticated code-driven attacks.

The enhancements come as the company strengthens its leadership team with the appointment of Jimmy Xu as Field CTO. Xu, a seasoned industry veteran, will spearhead Cycode’s customer-centric approach to innovation and further accelerate the adoption of its Complete ASPM platform.

“With Cycode we know that we have the workflows, controlled shift left capabilities, and AI remediation to make sure we don’t only just detect, but prevent violations before they go into production,” said Alex Flowers, Application Security Lead at Nomi Health. Cycode AI helps streamline our workflows and significantly reduces the time we spend on security tasks for our developers. This allows our team to focus on higher-value activities, like improving our security posture and preventing vulnerabilities before they become threats.”

Empower Teams with AI-Driven Productivity and Accuracy

In the last year alone, a staggering 93 billion lines of code were added to public repositories – a number projected to skyrocket alongside the exponential growth of software development, dramatically expanding the attack surface for malicious actors. Cycode AI empowers security professionals and developers to proactively defend against these evolving threats by:

• Effortlessly Querying Complex Data and Swiftly Identify Threats: Leverage natural language processing within the Risk Intelligence Graph for intuitive, AI-powered insights and data-driven decisions.
• Monitoring Critical Code Changes in Real Time: Receive automatic alerts about potential risks from the Material Code Change Alerting AI, ensuring swift mitigation and codebase integrity.
• Generating Precise Regex Patterns: Streamline threat identification with the AI Regex Builder, which automatically creates effective regex patterns, reducing false positives and negatives.
• Detecting Secrets with Unparalleled Accuracy: Enhance your security posture with AI Secret Detection, leveraging advanced machine learning to identify generic secrets with exceptional precision and recall.
• Fixing Vulnerabilities with Intelligent Code Suggestions & Context: Leverage AI-powered Static Application Security Testing (SAST) to receive automatic, context-aware code fixes, reducing remediation time and enabling faster development cycles.
• Maintaining Security and Compliance: Ensure code quality and security standards are upheld while maintaining a rapid development pace.
• Comprehensive Visibility and Discovery of AI Code Usage
• Uncovering and Tracking AI Activity: Gain comprehensive visibility into AI tool usage across your organization, identifying and monitoring AI-related activities in code repositories, CI/CD pipelines, and cloud infrastructure.
• Detecting and Mitigating Shadow AI Risks: Uncover ungoverned or unauthorized AI usage, enabling proactive risk mitigation and ensuring responsible AI adoption.

Cycode Champion’s Customer-Centric Approach to Innovation

The company has expanded its organizational leadership with the appointment of Jimmy Xu as Field Chief Technology Officer (CTO). With over 21 years of experience, Xu is a seasoned strategist across software engineering, IT Ops and DevOps, and cybersecurity within public and private sectors. Prior to this role, Xu held positions at Trace3 and Technologent. At Cycode, Xu will serve as a technology evangelist, focusing on product strategy and sales enablement, while also driving customer advocacy and thought leadership within the ASPM market.

“I’m excited to join Cycode at this pivotal time for the ASPM market, especially with the groundbreaking launch of AI built into the Cycode Complete ASPM platform. This new suite of AI-powered features will revolutionize how we approach application security, and I’m eager to work closely with our customers and partners to harness its full potential,” said Jimmy Xu, Field CTO at Cycode. “By combining Cycode’s deep understanding of customer needs with cutting-edge AI capabilities, we will continue to deliver the most effective and comprehensive application security solutions that empower organizations to build and maintain secure software at the speed of modern development.”

Explore AITechPark for the latest advancements in AI, IOT, Cybersecurity, AITech News, and insightful updates from industry experts!

The post Cycode Unveils Complete ASPM Solution with Built-in AI first appeared on AI-Tech Park.

Backslash Security, a modern application security solution that leverages deep reachability analysis for enterprise AppSec and product security teams, today introduced its Fix Simulation and AI-powered Attack Path Remediation capabilities. The new features equip security teams and developers with enhanced remediation guidance that is safe, secure and in the relevant context of the given application, ensuring that critical vulnerabilities can be fixed without introducing new risks.

Fix Simulation addresses a pervasive pain point faced by AppSec teams and developers: any version upgrade can introduce new risks due to unforeseen code dependencies, undoing progress and placing teams back at square one. Backslash Fix Simulation addresses this issue by simulating multiple fix options and demonstrating the resulting security posture for each one. This enables developers to save time, choose the best option, take multiple considerations into account including those unrelated to security, and avoid introducing new risks while addressing security issues

Attack Path Remediation integrates with LLMs to give developers highly contextual guidance on code vulnerability remediation, while ensuring source code stays confidential. Drawing from the comprehensive contextual insight generated via Backslash reachability analysis, the platform produces safe and secure remediation guidance. By using code metadata from Backslash scans such as technology stacks and frameworks without sharing any code snippets, organizations can leverage LLM technology while protecting against data leaks and maintaining code privacy.

“We finished the first half of the year with a record number of new customers. This reinforced our belief that it’s critical not only to focus the AppSec team on what really matters, but also to simplify the process of fixing the issues found,” said Yossi Pik, co-founder and CTO of Backslash Security. “To address this need, we developed new remediation capabilities that ensure vulnerabilities are identified, prioritized, and fixed promptly, closing the loop with tailored, context-rich recommendations. It’s like having an insider provide fix suggestions, streamlining the process for security and development teams.”

These new capabilities align with CISA’s Secure by Design Pledge requirements, providing organizations with a robust framework for maintaining security throughout the software development lifecycle. Backslash simplifies security integration into the development process, ensuring vulnerabilities are caught early and thus reducing entire classes of vulnerabilities.

Start a free trial with full access to the Backslash platform via a pre-configured demo environment that includes SAST, SCA, phantom packages, VEX, SBOM, secrets, and more, now available at backslash.security/trial.

Explore AITechPark for the latest advancements in AI, IOT, Cybersecurity, AITech News, and insightful updates from industry experts!

The post Backslash Security introduced two new capabilities first appeared on AI-Tech Park.

Heeler Security Inc., a pioneering startup in the application security space, today announced the successful closing of an $8.5 million Seed Series funding round, led by Norwest Venture Partners with significant participation from Storm Ventures.

“Application security requires a new approach that focuses on runtime visibility and that’s exactly what Heeler has done,” said David Zilberman, General Partner at Norwest Venture Partners. “The founders of Heeler have storied backgrounds that demonstrate an ability to execute. They have launched application security and cloud security products at enterprise scale and have started and grown companies from initial stages to acquisition and IPO.”

The growing complexity of modern applications has created an expanding and often obscure attack surface, overwhelming security teams who lack the real-time context needed to secure them. This results in fragmented security insights across the software development lifecycle (SDLC), heightened risks of breaches and vulnerabilities, and reactive firefighting.

To address these escalating challenges, founders Chris Hertz, Chief Executive Officer, James Green, Chief Product Officer, Trever McKee, Chief Technology Officer, and Chris DeRamus, Chief Strategy Officer, launched Heeler in June 2023, driven by a vision to fundamentally transform application security by delivering:

• Real-time security and business context
• Detection, enrichment and posture management
• Response orchestration

“We are uniquely positioned to seize a massive market opportunity by creating a platform that offers comprehensive SDLC security at the convergence of application and cloud,” said Chris Hertz, CEO of Heeler. “This round of seed funding will support our execution of that vision.”

Heeler’s patent-pending ProductDNA technology unifies the code, behavior, and business context of applications in real-time. ProductDNA delivers what was previously impossible: a frictionless chain of custody between the intended state in code and the running state in production. Acting as a shared operating platform for both security and developers, it embeds security seamlessly into the development lifecycle, benefiting both security and developer teams alike.

For the first time, Heeler enables organizations to fulfill their mandate of customer trust by enhancing security and availability while maintaining speed and efficiency. Heeler automates the repetitive and time-intensive task of assessing the impact of security issues on business applications, significantly reducing noise and false positives. Developers can now understand the security impact of their changes as they code, allowing guidance and development of resilient applications.

“Heeler is making it effortless for security teams and developers to easily collaborate on preventing and managing security risks throughout their entire SDLC, ” said Justin Pagano, Director of Security Risk & Trust at Klaviyo. “As innovation accelerates cloud and application complexity, Heeler’s ProductDNA provides a scalable and simplified approach to maintaining a holistic, real-time view of SDLC security and lineage with quickly actionable ownership, integrity, and security risk context.”

Heeler’s ProductDNA is already used by design partners, ranging from unicorn startups to Fortune 500 firms, and will be generally available in Q4 2024.

Heeler Security will be displaying its solution at Black Hat USA 2024. Interested parties are invited to meet the founders at booth SC316 in Startup City to learn more about the company’s vision and upcoming product launch. Schedule a demo here: www.heeler.com

Explore AITechPark for the latest advancements in AI, IOT, Cybersecurity, AITech News, and insightful updates from industry experts!

The post Heeler Security Secures $8.5M Seed Funding first appeared on AI-Tech Park.

Cloudflare, Inc. (NYSE: NET), the leading connectivity cloud company, today published its State of Application Security 2024 Report. Findings from this year’s report reveal that security teams are struggling to keep pace with the risks posed by organizations’ dependency on modern applications—the technology that underpins all of today’s most used sites. The report underscores that the volume of threats stemming from issues in the software supply chain, increasing number of distributed denial of service (DDoS) attacks and malicious bots, often exceed the resources of dedicated application security teams.

Today’s digital world runs on web applications and APIs. They allow ecommerce sites to accept payments, healthcare systems to securely share patient data, and power activities we do on our phones. However, the more we rely on these applications, the more the attack surface expands. This is further magnified by the demand for developers to quickly deliver new features—e.g., capabilities driven by generative AI. But if unprotected, exploited applications can lead to the disruption of businesses, financial losses, and the collapse of critical infrastructure.

“Web Applications are rarely built with security in mind. Yet, we use them daily for all sorts of critical functions, making them a rich target for hackers,” said Matthew Prince, co-founder and CEO at Cloudflare. “Cloudflare’s network blocks an average of 209 billion cyber threats for our customers every single day. The layer of security around today’s applications has become one of the most essential pieces to making sure the Internet stays secure.”

Key findings from Cloudflare’s State of Application Security 2024 Report include:

• DDoS attacks continue to increase in number and volume: DDoS remains the most leveraged threat vector to target web applications and APIs, comprising 37.1% of all application traffic mitigated by Cloudflare. Top targeted industries were Gaming and Gambling, IT and Internet, Cryptocurrency, Computer Software and Marketing and Advertising.
• First to patch vs. first to exploit—the race between defenders and attackers accelerates: Cloudflare observed faster exploitations than ever of new zero-day vulnerabilities, with one occurring just 22 minutes after its proof-of-concept (PoC) was published.
• Bad bots—if left unchecked—can cause massive disruption: One-third (31.2%) of all traffic stems from bots, the majority (93%) of which are unverified and potentially malicious. Top targeted industries were Manufacturing and Consumer Goods, Cryptocurrency, Security and Investigations, and US Federal Government.
• Organizations are using outdated approaches to secure APIs: Traditional web application firewall (WAF) rules that use a negative security model—the assumption that most web traffic is benign—are most commonly leveraged to protect against API traffic. Far fewer organizations use the more widely accepted API security best practice of a positive security model—strict definitions on traffic that is allowed, rejecting the rest.
• Third-party software dependencies pose growing risk: Organizations use an average of 47.1 pieces of code from third-party providers and make an average of 49.6 outbound connections to third-party resources to help enhance website efficiency and performance—e.g., leveraging Google Analytics or Ads. But as web development has largely shifted to allow these types of third-party code and activity to load in a user’s browser, organizations are increasingly exposed to supply chain risk and liability and compliance concerns.

Report Methodology: This report is based on aggregated traffic patterns (observed from April 1, 2023 – March 31, 2024) across the Cloudflare global network. This data and threat intelligence from Cloudflare’s network has been complemented by third-party sources, as cited throughout the report. Cloudflare mitigated 6.8% of all web application and API traffic during the data collection period. Mitigated traffic is defined as any traffic that is blocked or is served a challenge by Cloudflare. The specific threat type and relevant mitigation technique depend on many factors, such as the application’s potential security gaps, the nature of the victim’s business and the attacker’s goals.

Explore AITechPark for the latest advancements in AI, IOT, Cybersecurity, AITech News, and insightful updates from industry experts!

The post Organizations Struggle with Outdated Security as Online Threats Increase first appeared on AI-Tech Park.

Verimatrix, (Euronext Paris: VMX), the leader in powering the modern connected world with people-centered security, today announced major enhancements to its XTD dashboard, providing customers with greater visibility into application security risks and more actionable insights to better protect mobile apps and users.

First launched in early 2022, the updated XTD dashboard introduces an all new risk classification model that replaces numerical scores with four clear implication classifications — Informational, Low, Suspicious and High. This allows security teams to quickly understand the severity and context around detected threats. Detailed explanations accompany each risk level, ensuring transparency.

In addition to the new risk scoring model, the XTD dashboard provides specific remediation guidance mapped to each risk level. Teams can immediately see recommended steps for investigating, applying protections or addressing vulnerabilities based on the evaluated threats.

The redesigned dashboard UI streamlines information delivery with optimized layouts and intuitive navigation:

• Main Dashboard Page offers an at-a-glance view of the overall app security posture, key metrics and critical detections requiring attention
• App Instance View enables drill-down analysis of individual application instances to identify patterns and focus risk mitigation efforts

“With the surge in mobile app usage and evolving cyber threats, organizations need robust threat intelligence that allows them to prioritize and respond swiftly,” said Tom Powledge, Head of Cybersecurity Business for Verimatrix. “Our enhanced XTD dashboard applies intelligence and automation to translate raw data into actionable information that enables teams to mitigate risks effectively.”

The company has also introduced Verimatrix User Identity Tag, a new XTD feature that associates a unique identifier with each individual app user. This makes it possible to trace compromised app instances back to the account source, empowering more effective threat containment and forensic investigation processes.

“Verimatrix User Identity Tag enhances mobile app security by bridging the gap between detecting compromised app instances and actually tracing them back to the impacted user accounts,” said Dr. Klaus Schenk, SVP Security and Threat Research at Verimatrix. “For regulated enterprises like banks, this capability is game-changing. It transforms a broad ‘potential breach’ scenario into a laser-focused incident response, allowing surgical containment of just the involved accounts. This preserves business continuity and enhances compliance specificity, while providing authoritative evidence trails — something that’s been virtually impossible until now with the disconnected nature of mobile app security.”

Explore AITechPark for the latest advancements in AI, IOT, Cybersecurity, AITech News, and insightful updates from industry experts!

The post Verimatrix announced enhancements to XTD Dashboard first appeared on AI-Tech Park.

Checkmarx, the industry leader in cloud-native application security for the enterprise, is stepping up collaboration with DXC Technology (NYSE: DXC), a leading Fortune 500 global technology services company, to offer robust and fully scalable application security (AppSec) programs and services around the world. DXC Technology will now sell and support the Checkmarx One application security platform at its customer sites to enable enterprise-grade, comprehensive protection across the software development life cycle and help them find and fix software vulnerabilities faster.

Together, Checkmarx and DXC Technology have over 5000 experts and a vast ecosystem of partners to design, build, deliver and support holistic application security programs to:

• Protect all applications and application footprints on a single platform that covers the entire software development life cycle (SDLC), from code to cloud
• Reduce cost and risk while improving customer outcomes
• Help organizations take applications to market faster
• Tailor and customize services to match each customer’s needs

“DXC and Checkmarx have built a powerful relationship to significantly reduce risk and ensure faster innovation for enterprise organizations around the world,” said Yigal Elstein, Chief Revenue Officer at Checkmarx. “The enterprise has a critical need to speed and scale business-critical projects without compromising application security, including digital transformation and cloud migration​. Checkmarx and DXC deliver a real solution through Checkmarx One with DXC’s global reach that enables alignment of processes, tools and methodologies across regions and business units.”

Remarked Roger Smith, Global Testing and Digital Assurance Practice Leader at DXC, “I’m excited about the new partnership with Checkmarx and the advanced capabilities of the Checkmarx One platform as an integral part of DXC Application Security on Demand services to proactively integrate security into the development lifecycle through developer-friendly features that accelerate speed to value.“

In addition to selling and supporting Checkmarx One, DXC will provide the following services:

• Application security strategy and consulting​
• Comprehensive application threat analysis
• Project-level optimization to ensure high-fidelity results and priority-based remediation
• Query customization, triage and remediation
• Static, dynamic, API, IaC security testing​
• Open-source software composition analysis​
• Migration​ to Checkmarx One

Purpose-built for enterprise cloud development, Checkmarx One is a highly scalable platform that addresses the need to close application security gaps while speeding time to delivery. The platform integrates into any workflow or tool, delivering security with the speed, scale and flexibility to support the latest development requirements, seamlessly working with all modern frameworks and development infrastructures through webhook integrations, a standard set of APIs or command-line interface. Checkmarx One dramatically improves the end-to-end developer experience of AppSec while expanding the AI-driven security capabilities across the platform, its reporting and analytics capabilities and its software Supply Chain Security solution.

Explore AITechPark for the latest advancements in AI, IOT, Cybersecurity, AITech News, and insightful updates from industry experts!

The post Checkmarx, DXC Technology to Deliver Scalable, Holistic AppSec Globally first appeared on AI-Tech Park.